Regular readers may be wondering where the entire roderickrussell.com domain and all of its subdomains went this past week and a half. Here’s the story:

As I sit writing this article – surprisingly at my kitchen table for once and not an obscure cafe or bookstore in a far-flung location – I am experiencing a complete communications meltdown. My primary email is down, my cell phone is busted and I’ve had to resort to a backup address and the woes of Skype. In truth, my Skype experience hasn’t been bad at all, but my attitude is, shall we say, in the toilet since my domain name was stolen – yes, stolen.

How, you may be asking, was my domain stolen? A combination of registrar error and an unscrupulous cybersquatter is to blame, and it all begins with Namesecure – a misnomer if I’ve ever heard one.

Namesecure is the domain registrar that I have been working with for nigh on a decade now, and I’ve registered many a domain name with them. Historically pleased with their prices and service, I never hesitate to renew my domains with them because it is convenient, cheap and, so I thought, secure.

The events of August 14th changed all that.

Unbeknownst to me, my primary domain – roderickrussell.com – was set to expire on the 9th of July, ’07. I typically keep very close tabs on the expiration of my domains and my account is set to auto-renew. Over the years I have come to trust in Namesecure and their promise to notify me of impending expirations and to auto-renew prior to expiration dates.

This year was different, however. For an undisclosed reason my account did not auto-renew, and I did not receive any notification from the registrar regarding the upcoming expiration. The domain registration lapsed and it was supposed to go into the 35 day grace period – again, per the deletion policy – but it didn’t. Instead, the domain continued to function, I continued to not receive notification and once the non-grace grace period was up – poof – the domain stopped working, I lost all access to my domain and it was immediately purchased by a self-titled “Domain Merchant” – aka unscrupulous bastard – who was sitting and waiting for the domain to expire such that he could register it and sell it back to me for a huge profit.

Namesecure is entirely at fault here, and the Domain Merchant – Peter Croughs – is guilty of exploitation and immoral, unethical behavior – alas, due to the hazy legal ground surrounding many things electronic, he’s not guilty of a crime-by-law.

How Namesecure Failed:

Per Their Policy

If a customer has selected our “auto-renew” feature for a domain name registration, we will attempt to automatically renew the domain name registration approximately 60 days prior to the domain name registration expiration date

Auto-renew was selected, domain was not renewed by Namesecure. Strike 1.

If auto-renew was not selected, I should have received notification. I didn’t. Strike 2.

In an effort to help our customers avoid unintentional deletion of their domain names registration(s), we may, but are not obligated to, provide our customers with a “grace period” after their domain name registration services expiration date(s) (a “grace period” begins on the day after the date of expiration). We currently endeavor to provide a grace period that extends of 35 days past the expiration date, to allow the renewal of domain name registration services. During this period a customer can renew a domain name registration; however, a grace period is not guaranteed and can change or be eliminated at any time without notice.

As I was still listed as the owner, and the domain continued to function until August 14th, Namesecure clearly did extend me this grace period option. But again, the domain should not have worked during the grace period, and I should have received notification. Strike 3.

Registry Operators may provide registrars with the ability to “redeem” a deleted domain name for a customer, and we, in turn, may (but are not obligated to) provide customers with an ability to redeem a particular domain name registration. Such a Redemption Grace Period (RGP) is not guaranteed and customers should renew their domain name registration services in advance of the domain name registration expiration dates to avoid deletion of domain names registration services. Currently, the Registry Operators provide an RGP for 30 days from the date of deletion. If we decide to provide the redemption service to a customer, we charge a fee of $100 to redeem and renew a domain name during the RGP. If the domain name is not renewed by the expiration of the RGP, it is then placed on “Pending Delete” status for five additional days, after which it is deleted and the domain name character string is then once again available for registration.

Namesecure was more than happy to take $100 from me for redemption of this domain, clearly indicating that they had extended this “courtesy”, but they also allowed the registration of the domain by another party – Peter Croughs – thereby making it impossible for me to actually have the domain redeemed and registered in my name. Further evidence of the fact that the 30 day RGP should still be in effect is the fact that another one of my domains that expired on the same date is still available for the $100 redemption fee. Strikes 4 and 5 (as if there is such a thing).

Technically, the domain should still be held for another 30 days.

Moreover, why does the registrar offer the domain to a third party for a regular price of $8 or so, but require the original owner to pay $100 in redemption fees?!?

All these errors on the part of the registrar added up to the loss of my domain, the domain being purchased immediately by the third party, and said third party demanding payment of a huge fee to have my domain returned.

I’ve unfortunately had no choice but to pay said fee to Peter Croughs, as Namesecure has been completely unresponsive to all of my many, many support emails – email being my only recourse, as they have completely eliminated any phone contact options altogether.

Being quite powerless throughout this ordeal, out a good chunk of change and at the mercy of the domain transfer process, I turned my energy towards researching the individual who stole my domain. As it turns out, I’ve dug up quite a bit of interesting information – not all entirely flattering, some of which could genuinely incriminate and link said party and members of his family to potentially damaging activities – and I considered posting it here for the world to see. However, I’m still philosophically on-the-fence regarding the ethics of such an action, so for today at least, I shall refrain. You will undoubtedly see future posts discussing the ethics of the case and of cybersquatting in general. For the time being, I simply ask that the record reflect that this man makes his living by exploiting others – he’s no better than a common crook and it is unfortunate that the written law has not yet caught up with him.

As for Namesecure, I have ceased all of my dealings with them and recommend that others transfer their own domains to new registrars as quickly as can be. I would hate to see others fall prey to the poor service and loss of money that I myself have succumbed to.

The service that I am currently using – and have been using as a hosting provider for quite some time now – is GoDaddy.com. I recommend GoDaddy and can vouch for their top-notch support. I’ve had many phone conversations with them over the past two years and they have always been extremely responsive. You can be assured that there is a caring human at the other end of the phone with this company.

The complete loss of my business due to this registrar screw up and domain poacher has been devastating. Literally tens of thousands of dollars have been lost over this past week, as this is my peak booking season. Untold promotional opportunities have been lost in the fray – I was in the middle of arranging a huge book signing tour when this all came down. And on top of it all, my blog has been losing money daily, personal emails have gone undelivered and my professional reputation has been marred. It is my hope that others can learn from my experience and keep a very hands-on approach to their domain management. Do not trust the registrars. Do not trust the automated systems. Keep your hands in the business and an eye on the calendar while you manually pay and renew domain registrations and hosting plans. It is time consuming, yes, but let me assure you that losing everything and attempting to recover it will exceed any stress you’d incur by assuring that it doesn’t happen in the first place. And lest you think that nobody would want your domain – I didn’t think so – let me assure you, from experience, that the world is filled with thieves ready to pounce on your horde, no matter how insignificant you may believe it to be.

That said, one would think that I’d lose faith in humanity, that I’d somehow become bitter, suspicious (it certainly sounds that way!) and untrusting. Miraculously I’m not. I still have faith that most people are genuinely good – just that there are a few individuals whose vial rottenness can make the good seem paltry by comparison.

Guard your investments, but don’t close up your minds entirely.

###
Bart Croughs, Domain Merchants, domain names, domain registrars, domain squatting, domaining, Dutch, GoDaddy, Groningen, Libertarian, Namesecure, Namesecure.com, necro-squatting, Netherlands, Peter Croughs, peter@croughs.com, registrars, Roderick Russell, theft, typo-squatting